
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office

Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov



APPLICATION NO.: 09/500,108
FILING DATE: 02/08/2000
FIRST NAMED INVENTOR: Kevin L. Fox
ATTORNEY DOCKET NO.: GCSD-1054 (51045)
CONFIRMATION NO.: 2137



7590 02/03/2005

Richard K Warther
Allen Dyer Doppelt Milbrath & Gilchrist PA
255 S Orange Avenue - Suite 1401
PO Box 3791
Orlando, FL 32802-3791



EXAMINER: ABRISHAMKAR, KAVEH
ART UNIT: 2131
PAPER NUMBER:

DATE MAILED: 02/03/2005



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary

Application No.: 09/500,108
Applicant(s): FOX ET AL
Examiner: Kaveh Abrishamkar
Art Unit: 2131

-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 
DETAILED ACTION

1. This action is in response to the amendment filed on July 28, 2004. Claims 1 -
36 were originally received for consideration. Applicant filed an affidavit under 37 CFR
1.131 to overcome U.S. Patent No. 6,415,321 to Gleichauf et al. as the primary
reference. In view of this submission, claims 1 - 36 are pending, and the applicant has
not amended, added, or cancelled any of the original claims.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 1,2,4,6,7,8,10,12,13,14,16,18,19,20,22,24,25,29,31 and 35 are rejected 
under 35 U.S.C. 102(b) as being anticipated by Ronnen (U.S. Patent 5,699,403). 

Regarding claim 1, Ronnen discloses: 

A method for assessing the security posture of a network comprising the steps of:

creating a system object model database representing a network, wherein the
system object model database supports the information data requirements of disparate
network vulnerability analysis programs (column 3 line 30 - column 4 line 25);

exporting the system object model database of the network to the disparate 
network vulnerability/risk analysis programs (column 3 line 30 - column 4 line 25, 
column 7 lines 8 -40); 

analyzing the network with each network vulnerability analysis program to 
produce data results from each program (column 4 lines 1-61, column 6 lines 21 - 
56); and 

correlating the data results of the network vulnerability analysis programs to 
determine the security posture of the network (column 6 lines 57 - 65). 

Claim 2 is rejected as applied above in rejecting claim 1. Furthermore, Ronnen
discloses:

A method according to claim 1, and further comprising the step of importing the
system object model database to the network vulnerability analysis programs via an
integrated application programming interface (column 3 line 30 - column 4 line 25,
column 7 lines 8-40).

Claim 4 is rejected as applied above in rejecting claim 1. Furthermore, Ronnen
discloses:

A method according to claim 1, and further comprising the step of establishing a
class hierarchy to define components of the network vulnerability analysis programs that
share common and programming traits (column 6 lines 57 - 65).

Claim 6 is rejected as applied above in rejecting claim 1. Furthermore, Ronnen
discloses:

A method according to claim 1, and further comprising the step of running the
network vulnerability assessment/risk analysis programs to obtain data results
pertaining to network system details, network topologies, node level vulnerabilities and
network level vulnerabilities (column 4 lines 1-61, column 6 lines 21 - 56).

5. Claims 7,8,10, and 12 are method claims analogous to the method claims 
rejected above, and are therefore rejected using the same rationale given above. 

6. Claims 13,14,16,18,19,20,22, and 24 are computer-readable medium claims 
analogous to the method claims rejected above, and are therefore rejected using the 
same rationale given above. 

7. Claims 25,29,31, and 35 are system claims analogous to the method claims
rejected above, and are therefore rejected using the same rationale given above.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made.

3. Claims 3,9,15,21,26,27,28, 32, 33, and 34 are rejected under 35 U.S.C. 103(a)
as being unpatentable over Ronnen (U.S. Patent 5,699,403) in view of Mayo et al. (U.S.
5,751,965).

Claim 3 is rejected as applied above in rejecting claim 1. Furthermore, Ronnen
discloses a method of assessing the security posture of a network comprising the steps
of creating a system object model database, exporting this database to vulnerability
analysis programs, and correlating the data results from these network vulnerability
analysis programs to determine the security posture of a network. However, Ronnen
does not explicitly describe modeling the network as a map on a graphical user
interface. Mayo teaches the method of modeling the network as a map on a graphical
user interface (column 2 lines 58-63, column 5 lines 49-53, column 6 lines 4-21).
Ronnen delineates a method of gathering, storing, and correlating network vulnerability
information, and displaying this information to users via a graphical user interface
(column 6 lines 48 - 65). However, Ronnen does not divulge the method of displaying
these results as a map. Mayo states the importance of the presentation of network
information on a graphical user interface (column 1 lines 64-67, column 2 lines 1-9), and
delineates a method of constructing a network map displaying different network
attributes. Displaying network links and nodes in a map format is well known in the art,
and a network map is commonly used to display network alarms and failures, because
it displays the relationship between nodes in a clear manner. Therefore, it would have
been obvious to one of ordinary skill in the art at the time the applicant's invention was
made to display the network vulnerability assessment information gathered by the
system of Ronnen using the network display method of Mayo to be able to display the
network vulnerability information in a clear and organized manner so that one could
better use the network vulnerability information to safeguard the network elements.

4. Claims 5,11,17,23,30 and 36 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Ronnen (U.S. Patent 5,699,403) in view of Smith et al. (U.S.
5,787,235).

Regarding claim 5, Ronnen discloses a method for assessing the security posture of a
network comprising the step of correlating the data results from vulnerability
assessment programs. However, Ronnen does not explicitly describe how this data is
correlated. Smith delineates a fuzzy-logic based evidence fusion tool that can be
applied to network configuration analysis, modeling and assessment (column 6 lines 26-30).
Smith states the tool disclosed applies fuzzy logic to telecommunication network
configuration analysis, modeling and assessment. This assessment disclosed can be
viewed as a network vulnerability assessment correlation. Therefore it would have been
obvious to one of ordinary skill in the art at the time the applicant's invention was made
to use Smith's method of applying fuzzy logic to network data to correlate the
vulnerability assessment information provided by Ronnen's system. The use of fuzzy 
logic processing allows correlation of the results from the programs into a cohesive 
vulnerability assessment to obtain an overall network vulnerability posture. 

5. Claim 9 is a method claim analogous to the method claims rejected above, and
is therefore rejected using the same rationale given above.

6. Claims 15 and 21 are computer-readable medium claims analogous to the
method claims rejected above, and are therefore rejected using the same rationale
given above.

7. Claims 26,27,28,32,33, and 34 are system claims analogous to the method 
claims rejected above, and are therefore rejected using the same rationale given above. 

Conclusion 

8. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Kaveh Abrishamkar whose telephone number is
571-272-3786. The examiner can normally be reached on Monday thru Friday 8-5.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for
published applications may be obtained from either Private PAIR or Public PAIR.
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should
you have questions on access to the Private PAIR system, contact the Electronic
Business Center (EBC) at 866-217-9197 (toll-free).